Disconnect User from All Sessions When PAM Account is Checked In

Enhance Privileged Access Manager (PAM) to disconnect a target account from all current sessions where it is being used when the account is"checked in". A user should not be able to continue utilizing a credential that is no longer assigned by PAM to him. A PAM administrator who sees malicious activity in process using one of the target accounts could quickly prevent further system damage by checking i the account.

Can you elaborate a little more? If the User is connected to the Target server out-of-band from CA PAM, we would have no control. This sounds like the cases we were attempting to solve with recently introduced (2.8.1) features Please take a look at the docops wiki for 2.8.1